package com.ibm.ws.security.acme.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.kernel.service.utils.FrameworkState;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/acme/internal/AcmeCertCheckerTask.class */
public class AcmeCertCheckerTask implements Runnable {
    private static final TraceComponent tc = Tr.register(AcmeCertCheckerTask.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    private final AcmeProviderImpl acmeProviderImpl;
    private ScheduledFuture<?> certChecker;
    private ScheduledExecutorService service = null;
    private volatile boolean runningOnErrorSchedule = false;
    static final long serialVersionUID = 2362255497801895616L;

    public AcmeCertCheckerTask(AcmeProviderImpl acmeProviderImpl) {
        this.acmeProviderImpl = acmeProviderImpl;
    }

    public synchronized void stop() {
        cancel(true);
        this.certChecker = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0055, code lost:
    
        if (com.ibm.ws.security.acme.internal.AcmeProviderImpl.getAcmeConfig().isRevocationCheckerEnabled().booleanValue() == false) goto L14;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void startCertificateChecker(java.util.concurrent.ScheduledExecutorService r6) {
        /*
            Method dump skipped, instructions count: 271
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.acme.internal.AcmeCertCheckerTask.startCertificateChecker(java.util.concurrent.ScheduledExecutorService):void");
    }

    @Override // java.lang.Runnable
    @FFDCIgnore({Throwable.class})
    public void run() {
        boolean z = false;
        boolean z2 = false;
        List list = null;
        if (FrameworkState.isStopping()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Server is marked as stopping, cert checker will stop itself.", new Object[0]);
            }
            stop();
            return;
        }
        this.acmeProviderImpl.acquireWriteLock();
        try {
            try {
                List<X509Certificate> configuredDefaultCertificateChain = this.acmeProviderImpl.getConfiguredDefaultCertificateChain();
                if (configuredDefaultCertificateChain == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Attempted to check the current certificate, but it was null.", new Object[0]);
                    }
                    this.acmeProviderImpl.releaseWriteLock();
                    return;
                }
                AcmeProviderImpl acmeProviderImpl = this.acmeProviderImpl;
                if (AcmeProviderImpl.getAcmeConfig().isAutoRenewOnExpiration() && this.acmeProviderImpl.isExpired(configuredDefaultCertificateChain)) {
                    z = true;
                } else if (this.acmeProviderImpl.isRevoked(configuredDefaultCertificateChain)) {
                    z2 = true;
                }
                if (z || z2) {
                    if (z) {
                        TraceComponent traceComponent = tc;
                        AcmeProviderImpl acmeProviderImpl2 = this.acmeProviderImpl;
                        Tr.info(traceComponent, "CWPKI2052I", new Object[]{configuredDefaultCertificateChain.get(0).getSerialNumber().toString(16), configuredDefaultCertificateChain.get(0).getNotAfter().toInstant().toString(), AcmeProviderImpl.getAcmeConfig().getDirectoryURI()});
                    } else if (z2) {
                        TraceComponent traceComponent2 = tc;
                        AcmeProviderImpl acmeProviderImpl3 = this.acmeProviderImpl;
                        Tr.info(traceComponent2, "CWPKI2067I", new Object[]{configuredDefaultCertificateChain.get(0).getSerialNumber().toString(16), AcmeProviderImpl.getAcmeConfig().getDirectoryURI()});
                    }
                    this.acmeProviderImpl.renewCertificate();
                } else {
                    if (tc.isDebugEnabled()) {
                        TraceComponent traceComponent3 = tc;
                        StringBuilder append = new StringBuilder().append("ACME automatic certificate checker verified that the ACME CA cert is valid. Next check is ");
                        AcmeProviderImpl acmeProviderImpl4 = this.acmeProviderImpl;
                        Tr.debug(traceComponent3, append.append(AcmeProviderImpl.getAcmeConfig().getCertCheckerScheduler()).append("ms. SN is ").append(configuredDefaultCertificateChain.get(0).getSerialNumber().toString(16)).toString(), new Object[0]);
                    }
                    if (this.runningOnErrorSchedule) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "ACME automatic certificate checker was running on error time, but we have a valid certificate, swap back to the regular schedule", new Object[0]);
                        }
                        startRegularSchedule();
                    }
                }
                this.acmeProviderImpl.releaseWriteLock();
            } catch (Throwable th) {
                if (FrameworkState.isStopping()) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Caught an exception, but server is marked as stopping, cert checker returning.", new Object[0]);
                    }
                    this.acmeProviderImpl.releaseWriteLock();
                    return;
                }
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Requested a new certificate, but request failed.", new Object[]{th});
                    }
                    if (0 == 0) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Attempted to check the current certificate, but it was null. Stay on regular schedule.", new Object[0]);
                        }
                        this.acmeProviderImpl.releaseWriteLock();
                        return;
                    }
                    String bigInteger = ((X509Certificate) list.get(0)).getSerialNumber().toString(16);
                    if (0 != 0) {
                        TraceComponent traceComponent4 = tc;
                        StringBuilder sb = new StringBuilder();
                        AcmeProviderImpl acmeProviderImpl5 = this.acmeProviderImpl;
                        Tr.warning(traceComponent4, "CWPKI2065W", new Object[]{bigInteger, sb.append(AcmeProviderImpl.getAcmeConfig().getCertCheckerErrorScheduler()).append("ms").toString(), ((X509Certificate) list.get(0)).getNotAfter().toInstant().toString(), th});
                    } else if (0 != 0) {
                        TraceComponent traceComponent5 = tc;
                        StringBuilder sb2 = new StringBuilder();
                        AcmeProviderImpl acmeProviderImpl6 = this.acmeProviderImpl;
                        Tr.error(traceComponent5, "CWPKI2066E", new Object[]{bigInteger, sb2.append(AcmeProviderImpl.getAcmeConfig().getCertCheckerErrorScheduler()).append("ms").toString(), th});
                    } else {
                        TraceComponent traceComponent6 = tc;
                        StringBuilder sb3 = new StringBuilder();
                        AcmeProviderImpl acmeProviderImpl7 = this.acmeProviderImpl;
                        Tr.warning(traceComponent6, "CWPKI2068W", new Object[]{bigInteger, sb3.append(AcmeProviderImpl.getAcmeConfig().getCertCheckerErrorScheduler()).append("ms").toString(), th});
                    }
                    cancel(false);
                    if (tc.isDebugEnabled()) {
                        TraceComponent traceComponent7 = tc;
                        StringBuilder append2 = new StringBuilder().append("Certificate request failed, swapping to the error schedule: ");
                        AcmeProviderImpl acmeProviderImpl8 = this.acmeProviderImpl;
                        Tr.debug(traceComponent7, append2.append(AcmeProviderImpl.getAcmeConfig().getCertCheckerErrorScheduler()).toString(), new Object[0]);
                    }
                    startErrorSchedule();
                    this.acmeProviderImpl.releaseWriteLock();
                } finally {
                    startErrorSchedule();
                }
            }
        } catch (Throwable th2) {
            this.acmeProviderImpl.releaseWriteLock();
            throw th2;
        }
    }

    private synchronized void cancel(boolean z) {
        if (this.certChecker != null) {
            this.certChecker.cancel(z);
        }
    }

    private void startRegularSchedule() {
        cancel(false);
        ScheduledExecutorService scheduledExecutorService = this.service;
        AcmeProviderImpl acmeProviderImpl = this.acmeProviderImpl;
        long longValue = AcmeProviderImpl.getAcmeConfig().getCertCheckerScheduler().longValue();
        AcmeProviderImpl acmeProviderImpl2 = this.acmeProviderImpl;
        this.certChecker = scheduledExecutorService.scheduleAtFixedRate(this, longValue, AcmeProviderImpl.getAcmeConfig().getCertCheckerScheduler().longValue(), TimeUnit.MILLISECONDS);
        this.runningOnErrorSchedule = false;
    }

    private void startErrorSchedule() {
        cancel(false);
        ScheduledExecutorService scheduledExecutorService = this.service;
        AcmeProviderImpl acmeProviderImpl = this.acmeProviderImpl;
        long longValue = AcmeProviderImpl.getAcmeConfig().getCertCheckerErrorScheduler().longValue();
        AcmeProviderImpl acmeProviderImpl2 = this.acmeProviderImpl;
        this.certChecker = scheduledExecutorService.scheduleAtFixedRate(this, longValue, AcmeProviderImpl.getAcmeConfig().getCertCheckerErrorScheduler().longValue(), TimeUnit.MILLISECONDS);
        this.runningOnErrorSchedule = true;
    }
}
